CVE-2022-25844 MEDIUM

CVE-2022-25844: Regular Expression Denial of Service (ReDoS)

Vendor N/A
Product angular
Published May 1, 2022
Last update November 3, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F

What the vulnerability does

01 Description

The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS): a custom locale rule can set NUMBER_FORMATS.PATTERNS[1].posPre to a string built with posPre: ' '.repeat() using a very high repeat count. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.
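
A defensive check for the condition described above, as an added example that is not code from AngularJS or from this record: it audits a locale object's NUMBER_FORMATS.PATTERNS affixes before the locale is registered, and generalizes from posPre to the other affix fields of each pattern (posSuf, negPre, negSuf). The MAX_AFFIX_LEN limit, the function names and the sample locales are assumptions constructed for illustration.

```javascript
// Added example: pre-registration audit of custom AngularJS locale data.
// MAX_AFFIX_LEN is an assumed limit, not a value from AngularJS or the CVE record.
const MAX_AFFIX_LEN = 16;
const AFFIX_FIELDS = ['posPre', 'posSuf', 'negPre', 'negSuf'];

// Longest run of consecutive whitespace characters, found with a linear scan
// (no regular expression, so the check itself cannot backtrack).
function longestWhitespaceRun(s) {
  let best = 0, run = 0;
  for (const ch of s) {
    run = ch.trim() === '' ? run + 1 : 0;
    if (run > best) best = run;
  }
  return best;
}

// Returns a list of findings; an empty list means every affix passed.
function auditLocaleNumberFormats(locale, maxLen = MAX_AFFIX_LEN) {
  const findings = [];
  const patterns = locale && locale.NUMBER_FORMATS && locale.NUMBER_FORMATS.PATTERNS;
  if (!Array.isArray(patterns)) {
    return [{ path: 'NUMBER_FORMATS.PATTERNS', reason: 'missing or not an array' }];
  }
  patterns.forEach((pattern, i) => {
    for (const field of AFFIX_FIELDS) {
      const value = pattern ? pattern[field] : undefined;
      const path = `NUMBER_FORMATS.PATTERNS[${i}].${field}`;
      if (typeof value !== 'string') {
        findings.push({ path, reason: 'not a string' });
      } else if (value.length > maxLen) {
        findings.push({ path, reason: `length ${value.length} exceeds ${maxLen}`,
                        whitespaceRun: longestWhitespaceRun(value) });
      }
    }
  });
  return findings;
}

// Constructed sample locales (not taken from any real locale file).
const okLocale = { NUMBER_FORMATS: { PATTERNS: [
  { posPre: '', posSuf: '', negPre: '-', negSuf: '' },
  { posPre: '\u00A4', posSuf: '', negPre: '-\u00A4', negSuf: '' },
] } };
const paddedLocale = JSON.parse(JSON.stringify(okLocale));
paddedLocale.NUMBER_FORMATS.PATTERNS[1].posPre = ' '.repeat(200) + '\u00A4';

console.log(auditLocaleNumberFormats(okLocale));
console.log(auditLocaleNumberFormats(paddedLocale));
```

Run the audit wherever locale data originates outside the application's own code, and refuse to register a locale that returns any findings.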

Key dates

02 Disclosure timeline

May 1, 2022 CVE published
November 3, 2025 Record updated